Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2012-2493
HistoryJun 20, 2012 - 8:55 p.m.

CVE-2012-2493

2012-06-2020:55:02
CWE-20
cisco
web.nvd.nist.gov
27
cisco
anyconnect
secure mobility client
vpn
downloader
implementation
vulnerability
weblaunch
cisco anyconnect
cve-2012-2493
nvd
security
bug id
csctw47523
remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.042

Percentile

92.4%

JSON

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Affected configurations

Nvd
Node
ciscoanyconnect_secure_mobility_clientMatch2.0
OR
ciscoanyconnect_secure_mobility_clientMatch2.1
OR
ciscoanyconnect_secure_mobility_clientMatch2.2
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.128
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.133
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.136
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.140
OR
ciscoanyconnect_secure_mobility_clientMatch2.3
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.185
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.254
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.2016
OR
ciscoanyconnect_secure_mobility_clientMatch2.4
OR
ciscoanyconnect_secure_mobility_clientMatch2.4.0202
OR
ciscoanyconnect_secure_mobility_clientMatch2.4.1012
OR
ciscoanyconnect_secure_mobility_clientMatch2.5
AND
microsoftwindows
Node
ciscoanyconnect_secure_mobility_clientMatch2.0
OR
ciscoanyconnect_secure_mobility_clientMatch2.1
OR
ciscoanyconnect_secure_mobility_clientMatch2.2
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.128
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.133
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.136
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.140
OR
ciscoanyconnect_secure_mobility_clientMatch2.3
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.185
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.254
OR
ciscoanyconnect_secure_mobility_clientMatch2.3.2016
OR
ciscoanyconnect_secure_mobility_clientMatch2.4
OR
ciscoanyconnect_secure_mobility_clientMatch2.4.0202
OR
ciscoanyconnect_secure_mobility_clientMatch2.4.1012
OR
ciscoanyconnect_secure_mobility_clientMatch2.5
OR
ciscoanyconnect_secure_mobility_clientMatch3.0
AND
applemac_os_x
OR
linuxlinux_kernel
VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client2.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.1cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.128cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.133cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.136cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.140cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.185cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.254cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

Related

zdi 1
cvelist 1
prion 1
nvd 1
securityvulns 2
nessus 3
openvas 2
cisco 1
zdi
zdi
Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability
2012-08-22 00:00:00
cvelist
cvelist
CVE-2012-2493
2012-06-20 20:00:00
prion
prion
Code injection
2012-06-20 20:55:00
nvd
nvd
CVE-2012-2493
2012-06-20 20:55:02
securityvulns
securityvulns
ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability
2012-08-26 00:00:00
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
2012-08-27 00:00:00
nessus
nessus
Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)
2012-07-02 00:00:00
MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
2012-07-02 00:00:00
MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
2012-09-11 00:00:00
openvas
openvas
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
2012-06-20 16:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.042

Percentile

92.4%

JSON
Related for CVE-2012-2493
zdi1cvelist1prion1nvd1securityvulns2nessus3openvas2cisco1